[^^^]


Trust anchor

All my domains are under control of stargrave.org’s nameservers. DNSSEC inherently sucks, at least because it is global-scale PKI, so it is not secure against government-level adversary. That is why, my nameservers use DNSCurve technology. All my TLS certificates use DANE, so their subject public key hashes are stored inside DNS TLSA records. However all that certificates are also signed by my own ca.cypherpunks.ru CA.

There are my authoritative DNSCurve PGP signed nameservers below. Of course the trust anchor is my PGP key.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

uz544mqwggqbf3z4utlhfqn45vpbpq78nc63hpg5u2ut29stkt0pkr.ns3.stargrave.org.
uz5kh6w1c4bcqbxn7ljmtjhyjzku1spm2xckmhukq30dsmy2m18v7m.ns4.stargrave.org.
uz5nulnd504gp3s7sdmdl5l2gxc762hpw926t90k39ltxp67flbccn.ns5.stargrave.org.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEIpNVsPbb+nIRVbvGHh7ERWs1C6UFAl82qRIACgkQHh7ERWs1
C6U6/w/9FatgAy0Es3i2EhuVtv1M7Ey1JD4SWAW5zo1b5FG+xg7SEdKM3OdBH5xq
UdB08UPB4gmckpkfvkOcPBNZTW3zbPESHqZZ9dZEyxpUQVbSskHjVGoSCxp93q5+
FdGb0bABc1TIsPtiSOh+xCf/ynqoH8v/GFRedJYyI82INj60Xre0Jw039Yz9OpjJ
0tx/gCZ3XC9z4jPnde5WozBvsqcSd9DYzyjKkwSe4hCbMgfCOHIxW0PD78JM3OyS
Uv3Zoq/yrLUv0HXQt8cqqbE5c3s8bvAvKLJs09cby+Fti+ZddTHe346CSi+Jidme
uW7PFoiQiEKJbyB1hrJQYryL+WHR3xjZVypyNVMpoEzUrnfSYmkK2Oa/p6516Cey
uovXy54waFbbFqnkoP555jemc+ppE5IpPzDO1g4dRTGWosMYjoFswWfYgBKziITw
cyVZEJKuD2PSqrJD/FQsxxUABuJxm+FjSCYKnqOVa0f3zLDN23sjpcthOxblbzRF
nwcI5UwxwVNzv50E+P+Z70908wvUpHikfc3yrDRhh3m43i7qUvEyn9vw7CgumF/h
7AfV/w7I2N7IND9CO5pfsM/jBMyv2sIXco+hNkcnKLwPMVqyQEo1gril0rCG+Vou
OtzbBu4VwJ67nimhFtNX0YuaLGm77TZM2EDeYD3+o07VlAV4snE=
=IW4N
-----END PGP SIGNATURE-----